mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
- Option to toggle udp-connect, default is enabled.
This commit is contained in:
parent
cca128b871
commit
9cc8aa1ddf
@ -1807,7 +1807,7 @@ worker_init(struct worker* worker, struct config_file *cfg,
|
||||
&worker_alloc_cleanup, worker,
|
||||
cfg->do_udp || cfg->udp_upstream_without_downstream,
|
||||
worker->daemon->connect_sslctx, cfg->delay_close,
|
||||
cfg->tls_use_sni, dtenv);
|
||||
cfg->tls_use_sni, dtenv, cfg->udp_connect);
|
||||
if(!worker->back) {
|
||||
log_err("could not create outgoing sockets");
|
||||
worker_delete(worker);
|
||||
|
@ -5,6 +5,7 @@
|
||||
failed to list interfaces: getifaddrs: Address family not
|
||||
supported by protocol.
|
||||
- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
|
||||
- Option to toggle udp-connect, default is enabled.
|
||||
|
||||
12 November 2020: Wouter
|
||||
- Fix to connect() to UDP destinations, default turned on,
|
||||
|
@ -161,6 +161,9 @@ server:
|
||||
# msec to wait before close of port on timeout UDP. 0 disables.
|
||||
# delay-close: 0
|
||||
|
||||
# perform connect for UDP sockets to mitigate ICMP side channel.
|
||||
# udp-connect: yes
|
||||
|
||||
# msec for waiting for an unknown server to reply. Increase if you
|
||||
# are behind a slow satellite link, to eg. 1128.
|
||||
# unknown-server-time-limit: 376
|
||||
|
@ -274,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks
|
||||
the ID and remote IP of packets, and unwanted packets are added to the
|
||||
unwanted packet counter.
|
||||
.TP
|
||||
.B udp\-connect: \fI<yes or no>
|
||||
Perform connect for UDP sockets that mitigates ICMP side channel leakage.
|
||||
Default is yes.
|
||||
.TP
|
||||
.B unknown\-server\-time\-limit: \fI<msec>
|
||||
The wait time in msec for waiting for an unknown server to reply.
|
||||
Increase this if you are behind a slow satellite link, to eg. 1128.
|
||||
|
@ -238,7 +238,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
|
||||
ports, numports, cfg->unwanted_threshold,
|
||||
cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w,
|
||||
cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx,
|
||||
cfg->delay_close, cfg->tls_use_sni, NULL);
|
||||
cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect);
|
||||
w->env->outnet = w->back;
|
||||
if(!w->is_bg || w->is_bg_thread) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
|
@ -723,7 +723,8 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv)
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv,
|
||||
int udp_connect)
|
||||
{
|
||||
struct outside_network* outnet = (struct outside_network*)
|
||||
calloc(1, sizeof(struct outside_network));
|
||||
@ -761,6 +762,9 @@ outside_network_create(struct comm_base *base, size_t bufsize,
|
||||
outnet->delay_tv.tv_usec = (delayclose%1000)*1000;
|
||||
}
|
||||
#endif
|
||||
if(udp_connect) {
|
||||
outnet->udp_connect = 1;
|
||||
}
|
||||
if(numavailports == 0 || num_ports == 0) {
|
||||
log_err("no outgoing ports available");
|
||||
outside_network_delete(outnet);
|
||||
@ -1115,7 +1119,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
|
||||
my_if = ub_random_max(outnet->rnd, num_if);
|
||||
pif = &ifs[my_if];
|
||||
#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
|
||||
if(1) {
|
||||
if(outnet->udp_connect) {
|
||||
/* if we connect() we cannot reuse fds for a port */
|
||||
if(pif->inuse >= pif->avail_total) {
|
||||
tries++;
|
||||
@ -1151,7 +1155,7 @@ select_ifport(struct outside_network* outnet, struct pending* pend,
|
||||
if(fd != -1) {
|
||||
verbose(VERB_ALGO, "opened UDP if=%d port=%d",
|
||||
my_if, portno);
|
||||
if(1) {
|
||||
if(outnet->udp_connect) {
|
||||
/* connect() to the destination */
|
||||
if(connect(fd, (struct sockaddr*)&pend->addr,
|
||||
pend->addrlen) < 0) {
|
||||
|
@ -106,6 +106,9 @@ struct outside_network {
|
||||
int delayclose;
|
||||
/** timeout for delayclose */
|
||||
struct timeval delay_tv;
|
||||
/** if we perform udp-connect, connect() for UDP socket to mitigate
|
||||
* ICMP side channel leakage */
|
||||
int udp_connect;
|
||||
|
||||
/** array of outgoing IP4 interfaces */
|
||||
struct port_if* ip4_ifs;
|
||||
@ -421,6 +424,7 @@ struct serviced_query {
|
||||
* msec to wait on timeouted udp sockets.
|
||||
* @param tls_use_sni: if SNI is used for TLS connections.
|
||||
* @param dtenv: environment to send dnstap events with (if enabled).
|
||||
* @param udp_connect: if the udp_connect option is enabled.
|
||||
* @return: the new structure (with no pending answers) or NULL on error.
|
||||
*/
|
||||
struct outside_network* outside_network_create(struct comm_base* base,
|
||||
@ -429,7 +433,8 @@ struct outside_network* outside_network_create(struct comm_base* base,
|
||||
struct ub_randstate* rnd, int use_caps_for_id, int* availports,
|
||||
int numavailports, size_t unwanted_threshold, int tcp_mss,
|
||||
void (*unwanted_action)(void*), void* unwanted_param, int do_udp,
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv);
|
||||
void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv,
|
||||
int udp_connect);
|
||||
|
||||
/**
|
||||
* Delete outside_network structure.
|
||||
|
@ -1045,7 +1045,7 @@ outside_network_create(struct comm_base* base, size_t bufsize,
|
||||
void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param),
|
||||
int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx),
|
||||
int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni),
|
||||
struct dt_env* ATTR_UNUSED(dtenv))
|
||||
struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect))
|
||||
{
|
||||
struct replay_runtime* runtime = (struct replay_runtime*)base;
|
||||
struct outside_network* outnet = calloc(1,
|
||||
|
@ -172,6 +172,7 @@ config_create(void)
|
||||
cfg->infra_cache_min_rtt = 50;
|
||||
cfg->infra_keep_probing = 0;
|
||||
cfg->delay_close = 0;
|
||||
cfg->udp_connect = 1;
|
||||
if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
|
||||
goto error_exit;
|
||||
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
|
||||
@ -569,6 +570,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_POW2("infra-cache-slabs:", infra_cache_slabs)
|
||||
else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
|
||||
else S_NUMBER_OR_ZERO("delay-close:", delay_close)
|
||||
else S_YNO("udp-connect:", udp_connect)
|
||||
else S_STR("chroot:", chrootdir)
|
||||
else S_STR("username:", username)
|
||||
else S_STR("directory:", directory)
|
||||
@ -964,6 +966,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||
else O_YNO(opt, "infra-keep-probing", infra_keep_probing)
|
||||
else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
|
||||
else O_UNS(opt, "delay-close", delay_close)
|
||||
else O_YNO(opt, "udp-connect", udp_connect)
|
||||
else O_YNO(opt, "do-ip4", do_ip4)
|
||||
else O_YNO(opt, "do-ip6", do_ip6)
|
||||
else O_YNO(opt, "do-udp", do_udp)
|
||||
|
@ -185,6 +185,8 @@ struct config_file {
|
||||
int infra_keep_probing;
|
||||
/** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
|
||||
int delay_close;
|
||||
/** udp_connect enable uses UDP connect to mitigate ICMP side channel */
|
||||
int udp_connect;
|
||||
|
||||
/** the target fetch policy for the iterator */
|
||||
char* target_fetch_policy;
|
||||
|
4874
util/configlexer.c
4874
util/configlexer.c
File diff suppressed because it is too large
Load Diff
@ -301,6 +301,7 @@ infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) }
|
||||
num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
|
||||
jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
|
||||
delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) }
|
||||
udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) }
|
||||
target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) }
|
||||
harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) }
|
||||
harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) }
|
||||
|
3182
util/configparser.c
3182
util/configparser.c
File diff suppressed because it is too large
Load Diff
@ -200,154 +200,155 @@ extern int yydebug;
|
||||
VAR_RRSET_ROUNDROBIN = 406,
|
||||
VAR_MAX_UDP_SIZE = 407,
|
||||
VAR_DELAY_CLOSE = 408,
|
||||
VAR_UNBLOCK_LAN_ZONES = 409,
|
||||
VAR_INSECURE_LAN_ZONES = 410,
|
||||
VAR_INFRA_CACHE_MIN_RTT = 411,
|
||||
VAR_INFRA_KEEP_PROBING = 412,
|
||||
VAR_DNS64_PREFIX = 413,
|
||||
VAR_DNS64_SYNTHALL = 414,
|
||||
VAR_DNS64_IGNORE_AAAA = 415,
|
||||
VAR_DNSTAP = 416,
|
||||
VAR_DNSTAP_ENABLE = 417,
|
||||
VAR_DNSTAP_SOCKET_PATH = 418,
|
||||
VAR_DNSTAP_IP = 419,
|
||||
VAR_DNSTAP_TLS = 420,
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 421,
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 422,
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 423,
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 424,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 425,
|
||||
VAR_DNSTAP_SEND_VERSION = 426,
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 427,
|
||||
VAR_DNSTAP_IDENTITY = 428,
|
||||
VAR_DNSTAP_VERSION = 429,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 430,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 431,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 432,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 433,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 434,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 435,
|
||||
VAR_RESPONSE_IP_TAG = 436,
|
||||
VAR_RESPONSE_IP = 437,
|
||||
VAR_RESPONSE_IP_DATA = 438,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 439,
|
||||
VAR_IP_TRANSPARENT = 440,
|
||||
VAR_IP_DSCP = 441,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 442,
|
||||
VAR_IP_RATELIMIT = 443,
|
||||
VAR_IP_RATELIMIT_SLABS = 444,
|
||||
VAR_IP_RATELIMIT_SIZE = 445,
|
||||
VAR_RATELIMIT = 446,
|
||||
VAR_RATELIMIT_SLABS = 447,
|
||||
VAR_RATELIMIT_SIZE = 448,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 449,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 450,
|
||||
VAR_IP_RATELIMIT_FACTOR = 451,
|
||||
VAR_RATELIMIT_FACTOR = 452,
|
||||
VAR_SEND_CLIENT_SUBNET = 453,
|
||||
VAR_CLIENT_SUBNET_ZONE = 454,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 455,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 456,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 457,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 458,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 459,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 460,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 461,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 462,
|
||||
VAR_CAPS_WHITELIST = 463,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 464,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 465,
|
||||
VAR_QNAME_MINIMISATION = 466,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 467,
|
||||
VAR_IP_FREEBIND = 468,
|
||||
VAR_DEFINE_TAG = 469,
|
||||
VAR_LOCAL_ZONE_TAG = 470,
|
||||
VAR_ACCESS_CONTROL_TAG = 471,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 472,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 473,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 474,
|
||||
VAR_VIEW = 475,
|
||||
VAR_ACCESS_CONTROL_VIEW = 476,
|
||||
VAR_VIEW_FIRST = 477,
|
||||
VAR_SERVE_EXPIRED = 478,
|
||||
VAR_SERVE_EXPIRED_TTL = 479,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 480,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 481,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 482,
|
||||
VAR_FAKE_DSA = 483,
|
||||
VAR_FAKE_SHA1 = 484,
|
||||
VAR_LOG_IDENTITY = 485,
|
||||
VAR_HIDE_TRUSTANCHOR = 486,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 487,
|
||||
VAR_AGGRESSIVE_NSEC = 488,
|
||||
VAR_USE_SYSTEMD = 489,
|
||||
VAR_SHM_ENABLE = 490,
|
||||
VAR_SHM_KEY = 491,
|
||||
VAR_ROOT_KEY_SENTINEL = 492,
|
||||
VAR_DNSCRYPT = 493,
|
||||
VAR_DNSCRYPT_ENABLE = 494,
|
||||
VAR_DNSCRYPT_PORT = 495,
|
||||
VAR_DNSCRYPT_PROVIDER = 496,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 497,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 498,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 499,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 500,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 501,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 502,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 503,
|
||||
VAR_IPSECMOD_ENABLED = 504,
|
||||
VAR_IPSECMOD_HOOK = 505,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 506,
|
||||
VAR_IPSECMOD_MAX_TTL = 507,
|
||||
VAR_IPSECMOD_WHITELIST = 508,
|
||||
VAR_IPSECMOD_STRICT = 509,
|
||||
VAR_CACHEDB = 510,
|
||||
VAR_CACHEDB_BACKEND = 511,
|
||||
VAR_CACHEDB_SECRETSEED = 512,
|
||||
VAR_CACHEDB_REDISHOST = 513,
|
||||
VAR_CACHEDB_REDISPORT = 514,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 515,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 516,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 517,
|
||||
VAR_FOR_UPSTREAM = 518,
|
||||
VAR_AUTH_ZONE = 519,
|
||||
VAR_ZONEFILE = 520,
|
||||
VAR_MASTER = 521,
|
||||
VAR_URL = 522,
|
||||
VAR_FOR_DOWNSTREAM = 523,
|
||||
VAR_FALLBACK_ENABLED = 524,
|
||||
VAR_TLS_ADDITIONAL_PORT = 525,
|
||||
VAR_LOW_RTT = 526,
|
||||
VAR_LOW_RTT_PERMIL = 527,
|
||||
VAR_FAST_SERVER_PERMIL = 528,
|
||||
VAR_FAST_SERVER_NUM = 529,
|
||||
VAR_ALLOW_NOTIFY = 530,
|
||||
VAR_TLS_WIN_CERT = 531,
|
||||
VAR_TCP_CONNECTION_LIMIT = 532,
|
||||
VAR_FORWARD_NO_CACHE = 533,
|
||||
VAR_STUB_NO_CACHE = 534,
|
||||
VAR_LOG_SERVFAIL = 535,
|
||||
VAR_DENY_ANY = 536,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 537,
|
||||
VAR_LOG_TAG_QUERYREPLY = 538,
|
||||
VAR_STREAM_WAIT_SIZE = 539,
|
||||
VAR_TLS_CIPHERS = 540,
|
||||
VAR_TLS_CIPHERSUITES = 541,
|
||||
VAR_TLS_USE_SNI = 542,
|
||||
VAR_IPSET = 543,
|
||||
VAR_IPSET_NAME_V4 = 544,
|
||||
VAR_IPSET_NAME_V6 = 545,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 546,
|
||||
VAR_RPZ = 547,
|
||||
VAR_TAGS = 548,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 549,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 550,
|
||||
VAR_RPZ_LOG = 551,
|
||||
VAR_RPZ_LOG_NAME = 552,
|
||||
VAR_DYNLIB = 553,
|
||||
VAR_DYNLIB_FILE = 554,
|
||||
VAR_EDNS_CLIENT_TAG = 555,
|
||||
VAR_EDNS_CLIENT_TAG_OPCODE = 556
|
||||
VAR_UDP_CONNECT = 409,
|
||||
VAR_UNBLOCK_LAN_ZONES = 410,
|
||||
VAR_INSECURE_LAN_ZONES = 411,
|
||||
VAR_INFRA_CACHE_MIN_RTT = 412,
|
||||
VAR_INFRA_KEEP_PROBING = 413,
|
||||
VAR_DNS64_PREFIX = 414,
|
||||
VAR_DNS64_SYNTHALL = 415,
|
||||
VAR_DNS64_IGNORE_AAAA = 416,
|
||||
VAR_DNSTAP = 417,
|
||||
VAR_DNSTAP_ENABLE = 418,
|
||||
VAR_DNSTAP_SOCKET_PATH = 419,
|
||||
VAR_DNSTAP_IP = 420,
|
||||
VAR_DNSTAP_TLS = 421,
|
||||
VAR_DNSTAP_TLS_SERVER_NAME = 422,
|
||||
VAR_DNSTAP_TLS_CERT_BUNDLE = 423,
|
||||
VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424,
|
||||
VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425,
|
||||
VAR_DNSTAP_SEND_IDENTITY = 426,
|
||||
VAR_DNSTAP_SEND_VERSION = 427,
|
||||
VAR_DNSTAP_BIDIRECTIONAL = 428,
|
||||
VAR_DNSTAP_IDENTITY = 429,
|
||||
VAR_DNSTAP_VERSION = 430,
|
||||
VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431,
|
||||
VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432,
|
||||
VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433,
|
||||
VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434,
|
||||
VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435,
|
||||
VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436,
|
||||
VAR_RESPONSE_IP_TAG = 437,
|
||||
VAR_RESPONSE_IP = 438,
|
||||
VAR_RESPONSE_IP_DATA = 439,
|
||||
VAR_HARDEN_ALGO_DOWNGRADE = 440,
|
||||
VAR_IP_TRANSPARENT = 441,
|
||||
VAR_IP_DSCP = 442,
|
||||
VAR_DISABLE_DNSSEC_LAME_CHECK = 443,
|
||||
VAR_IP_RATELIMIT = 444,
|
||||
VAR_IP_RATELIMIT_SLABS = 445,
|
||||
VAR_IP_RATELIMIT_SIZE = 446,
|
||||
VAR_RATELIMIT = 447,
|
||||
VAR_RATELIMIT_SLABS = 448,
|
||||
VAR_RATELIMIT_SIZE = 449,
|
||||
VAR_RATELIMIT_FOR_DOMAIN = 450,
|
||||
VAR_RATELIMIT_BELOW_DOMAIN = 451,
|
||||
VAR_IP_RATELIMIT_FACTOR = 452,
|
||||
VAR_RATELIMIT_FACTOR = 453,
|
||||
VAR_SEND_CLIENT_SUBNET = 454,
|
||||
VAR_CLIENT_SUBNET_ZONE = 455,
|
||||
VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456,
|
||||
VAR_CLIENT_SUBNET_OPCODE = 457,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV4 = 458,
|
||||
VAR_MAX_CLIENT_SUBNET_IPV6 = 459,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV4 = 460,
|
||||
VAR_MIN_CLIENT_SUBNET_IPV6 = 461,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV4 = 462,
|
||||
VAR_MAX_ECS_TREE_SIZE_IPV6 = 463,
|
||||
VAR_CAPS_WHITELIST = 464,
|
||||
VAR_CACHE_MAX_NEGATIVE_TTL = 465,
|
||||
VAR_PERMIT_SMALL_HOLDDOWN = 466,
|
||||
VAR_QNAME_MINIMISATION = 467,
|
||||
VAR_QNAME_MINIMISATION_STRICT = 468,
|
||||
VAR_IP_FREEBIND = 469,
|
||||
VAR_DEFINE_TAG = 470,
|
||||
VAR_LOCAL_ZONE_TAG = 471,
|
||||
VAR_ACCESS_CONTROL_TAG = 472,
|
||||
VAR_LOCAL_ZONE_OVERRIDE = 473,
|
||||
VAR_ACCESS_CONTROL_TAG_ACTION = 474,
|
||||
VAR_ACCESS_CONTROL_TAG_DATA = 475,
|
||||
VAR_VIEW = 476,
|
||||
VAR_ACCESS_CONTROL_VIEW = 477,
|
||||
VAR_VIEW_FIRST = 478,
|
||||
VAR_SERVE_EXPIRED = 479,
|
||||
VAR_SERVE_EXPIRED_TTL = 480,
|
||||
VAR_SERVE_EXPIRED_TTL_RESET = 481,
|
||||
VAR_SERVE_EXPIRED_REPLY_TTL = 482,
|
||||
VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483,
|
||||
VAR_FAKE_DSA = 484,
|
||||
VAR_FAKE_SHA1 = 485,
|
||||
VAR_LOG_IDENTITY = 486,
|
||||
VAR_HIDE_TRUSTANCHOR = 487,
|
||||
VAR_TRUST_ANCHOR_SIGNALING = 488,
|
||||
VAR_AGGRESSIVE_NSEC = 489,
|
||||
VAR_USE_SYSTEMD = 490,
|
||||
VAR_SHM_ENABLE = 491,
|
||||
VAR_SHM_KEY = 492,
|
||||
VAR_ROOT_KEY_SENTINEL = 493,
|
||||
VAR_DNSCRYPT = 494,
|
||||
VAR_DNSCRYPT_ENABLE = 495,
|
||||
VAR_DNSCRYPT_PORT = 496,
|
||||
VAR_DNSCRYPT_PROVIDER = 497,
|
||||
VAR_DNSCRYPT_SECRET_KEY = 498,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT = 499,
|
||||
VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501,
|
||||
VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503,
|
||||
VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504,
|
||||
VAR_IPSECMOD_ENABLED = 505,
|
||||
VAR_IPSECMOD_HOOK = 506,
|
||||
VAR_IPSECMOD_IGNORE_BOGUS = 507,
|
||||
VAR_IPSECMOD_MAX_TTL = 508,
|
||||
VAR_IPSECMOD_WHITELIST = 509,
|
||||
VAR_IPSECMOD_STRICT = 510,
|
||||
VAR_CACHEDB = 511,
|
||||
VAR_CACHEDB_BACKEND = 512,
|
||||
VAR_CACHEDB_SECRETSEED = 513,
|
||||
VAR_CACHEDB_REDISHOST = 514,
|
||||
VAR_CACHEDB_REDISPORT = 515,
|
||||
VAR_CACHEDB_REDISTIMEOUT = 516,
|
||||
VAR_CACHEDB_REDISEXPIRERECORDS = 517,
|
||||
VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518,
|
||||
VAR_FOR_UPSTREAM = 519,
|
||||
VAR_AUTH_ZONE = 520,
|
||||
VAR_ZONEFILE = 521,
|
||||
VAR_MASTER = 522,
|
||||
VAR_URL = 523,
|
||||
VAR_FOR_DOWNSTREAM = 524,
|
||||
VAR_FALLBACK_ENABLED = 525,
|
||||
VAR_TLS_ADDITIONAL_PORT = 526,
|
||||
VAR_LOW_RTT = 527,
|
||||
VAR_LOW_RTT_PERMIL = 528,
|
||||
VAR_FAST_SERVER_PERMIL = 529,
|
||||
VAR_FAST_SERVER_NUM = 530,
|
||||
VAR_ALLOW_NOTIFY = 531,
|
||||
VAR_TLS_WIN_CERT = 532,
|
||||
VAR_TCP_CONNECTION_LIMIT = 533,
|
||||
VAR_FORWARD_NO_CACHE = 534,
|
||||
VAR_STUB_NO_CACHE = 535,
|
||||
VAR_LOG_SERVFAIL = 536,
|
||||
VAR_DENY_ANY = 537,
|
||||
VAR_UNKNOWN_SERVER_TIME_LIMIT = 538,
|
||||
VAR_LOG_TAG_QUERYREPLY = 539,
|
||||
VAR_STREAM_WAIT_SIZE = 540,
|
||||
VAR_TLS_CIPHERS = 541,
|
||||
VAR_TLS_CIPHERSUITES = 542,
|
||||
VAR_TLS_USE_SNI = 543,
|
||||
VAR_IPSET = 544,
|
||||
VAR_IPSET_NAME_V4 = 545,
|
||||
VAR_IPSET_NAME_V6 = 546,
|
||||
VAR_TLS_SESSION_TICKET_KEYS = 547,
|
||||
VAR_RPZ = 548,
|
||||
VAR_TAGS = 549,
|
||||
VAR_RPZ_ACTION_OVERRIDE = 550,
|
||||
VAR_RPZ_CNAME_OVERRIDE = 551,
|
||||
VAR_RPZ_LOG = 552,
|
||||
VAR_RPZ_LOG_NAME = 553,
|
||||
VAR_DYNLIB = 554,
|
||||
VAR_DYNLIB_FILE = 555,
|
||||
VAR_EDNS_CLIENT_TAG = 556,
|
||||
VAR_EDNS_CLIENT_TAG_OPCODE = 557
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
@ -502,154 +503,155 @@ extern int yydebug;
|
||||
#define VAR_RRSET_ROUNDROBIN 406
|
||||
#define VAR_MAX_UDP_SIZE 407
|
||||
#define VAR_DELAY_CLOSE 408
|
||||
#define VAR_UNBLOCK_LAN_ZONES 409
|
||||
#define VAR_INSECURE_LAN_ZONES 410
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 411
|
||||
#define VAR_INFRA_KEEP_PROBING 412
|
||||
#define VAR_DNS64_PREFIX 413
|
||||
#define VAR_DNS64_SYNTHALL 414
|
||||
#define VAR_DNS64_IGNORE_AAAA 415
|
||||
#define VAR_DNSTAP 416
|
||||
#define VAR_DNSTAP_ENABLE 417
|
||||
#define VAR_DNSTAP_SOCKET_PATH 418
|
||||
#define VAR_DNSTAP_IP 419
|
||||
#define VAR_DNSTAP_TLS 420
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 421
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 422
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 423
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 424
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 425
|
||||
#define VAR_DNSTAP_SEND_VERSION 426
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 427
|
||||
#define VAR_DNSTAP_IDENTITY 428
|
||||
#define VAR_DNSTAP_VERSION 429
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 430
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 431
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 432
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 433
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 434
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 435
|
||||
#define VAR_RESPONSE_IP_TAG 436
|
||||
#define VAR_RESPONSE_IP 437
|
||||
#define VAR_RESPONSE_IP_DATA 438
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 439
|
||||
#define VAR_IP_TRANSPARENT 440
|
||||
#define VAR_IP_DSCP 441
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 442
|
||||
#define VAR_IP_RATELIMIT 443
|
||||
#define VAR_IP_RATELIMIT_SLABS 444
|
||||
#define VAR_IP_RATELIMIT_SIZE 445
|
||||
#define VAR_RATELIMIT 446
|
||||
#define VAR_RATELIMIT_SLABS 447
|
||||
#define VAR_RATELIMIT_SIZE 448
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 449
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 450
|
||||
#define VAR_IP_RATELIMIT_FACTOR 451
|
||||
#define VAR_RATELIMIT_FACTOR 452
|
||||
#define VAR_SEND_CLIENT_SUBNET 453
|
||||
#define VAR_CLIENT_SUBNET_ZONE 454
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 455
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 456
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 457
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 458
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 459
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 460
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 461
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 462
|
||||
#define VAR_CAPS_WHITELIST 463
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 464
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 465
|
||||
#define VAR_QNAME_MINIMISATION 466
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 467
|
||||
#define VAR_IP_FREEBIND 468
|
||||
#define VAR_DEFINE_TAG 469
|
||||
#define VAR_LOCAL_ZONE_TAG 470
|
||||
#define VAR_ACCESS_CONTROL_TAG 471
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 472
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 473
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 474
|
||||
#define VAR_VIEW 475
|
||||
#define VAR_ACCESS_CONTROL_VIEW 476
|
||||
#define VAR_VIEW_FIRST 477
|
||||
#define VAR_SERVE_EXPIRED 478
|
||||
#define VAR_SERVE_EXPIRED_TTL 479
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 480
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 481
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 482
|
||||
#define VAR_FAKE_DSA 483
|
||||
#define VAR_FAKE_SHA1 484
|
||||
#define VAR_LOG_IDENTITY 485
|
||||
#define VAR_HIDE_TRUSTANCHOR 486
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 487
|
||||
#define VAR_AGGRESSIVE_NSEC 488
|
||||
#define VAR_USE_SYSTEMD 489
|
||||
#define VAR_SHM_ENABLE 490
|
||||
#define VAR_SHM_KEY 491
|
||||
#define VAR_ROOT_KEY_SENTINEL 492
|
||||
#define VAR_DNSCRYPT 493
|
||||
#define VAR_DNSCRYPT_ENABLE 494
|
||||
#define VAR_DNSCRYPT_PORT 495
|
||||
#define VAR_DNSCRYPT_PROVIDER 496
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 497
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 498
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 499
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 500
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 501
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 502
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 503
|
||||
#define VAR_IPSECMOD_ENABLED 504
|
||||
#define VAR_IPSECMOD_HOOK 505
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 506
|
||||
#define VAR_IPSECMOD_MAX_TTL 507
|
||||
#define VAR_IPSECMOD_WHITELIST 508
|
||||
#define VAR_IPSECMOD_STRICT 509
|
||||
#define VAR_CACHEDB 510
|
||||
#define VAR_CACHEDB_BACKEND 511
|
||||
#define VAR_CACHEDB_SECRETSEED 512
|
||||
#define VAR_CACHEDB_REDISHOST 513
|
||||
#define VAR_CACHEDB_REDISPORT 514
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 515
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 516
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 517
|
||||
#define VAR_FOR_UPSTREAM 518
|
||||
#define VAR_AUTH_ZONE 519
|
||||
#define VAR_ZONEFILE 520
|
||||
#define VAR_MASTER 521
|
||||
#define VAR_URL 522
|
||||
#define VAR_FOR_DOWNSTREAM 523
|
||||
#define VAR_FALLBACK_ENABLED 524
|
||||
#define VAR_TLS_ADDITIONAL_PORT 525
|
||||
#define VAR_LOW_RTT 526
|
||||
#define VAR_LOW_RTT_PERMIL 527
|
||||
#define VAR_FAST_SERVER_PERMIL 528
|
||||
#define VAR_FAST_SERVER_NUM 529
|
||||
#define VAR_ALLOW_NOTIFY 530
|
||||
#define VAR_TLS_WIN_CERT 531
|
||||
#define VAR_TCP_CONNECTION_LIMIT 532
|
||||
#define VAR_FORWARD_NO_CACHE 533
|
||||
#define VAR_STUB_NO_CACHE 534
|
||||
#define VAR_LOG_SERVFAIL 535
|
||||
#define VAR_DENY_ANY 536
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 537
|
||||
#define VAR_LOG_TAG_QUERYREPLY 538
|
||||
#define VAR_STREAM_WAIT_SIZE 539
|
||||
#define VAR_TLS_CIPHERS 540
|
||||
#define VAR_TLS_CIPHERSUITES 541
|
||||
#define VAR_TLS_USE_SNI 542
|
||||
#define VAR_IPSET 543
|
||||
#define VAR_IPSET_NAME_V4 544
|
||||
#define VAR_IPSET_NAME_V6 545
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 546
|
||||
#define VAR_RPZ 547
|
||||
#define VAR_TAGS 548
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 549
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 550
|
||||
#define VAR_RPZ_LOG 551
|
||||
#define VAR_RPZ_LOG_NAME 552
|
||||
#define VAR_DYNLIB 553
|
||||
#define VAR_DYNLIB_FILE 554
|
||||
#define VAR_EDNS_CLIENT_TAG 555
|
||||
#define VAR_EDNS_CLIENT_TAG_OPCODE 556
|
||||
#define VAR_UDP_CONNECT 409
|
||||
#define VAR_UNBLOCK_LAN_ZONES 410
|
||||
#define VAR_INSECURE_LAN_ZONES 411
|
||||
#define VAR_INFRA_CACHE_MIN_RTT 412
|
||||
#define VAR_INFRA_KEEP_PROBING 413
|
||||
#define VAR_DNS64_PREFIX 414
|
||||
#define VAR_DNS64_SYNTHALL 415
|
||||
#define VAR_DNS64_IGNORE_AAAA 416
|
||||
#define VAR_DNSTAP 417
|
||||
#define VAR_DNSTAP_ENABLE 418
|
||||
#define VAR_DNSTAP_SOCKET_PATH 419
|
||||
#define VAR_DNSTAP_IP 420
|
||||
#define VAR_DNSTAP_TLS 421
|
||||
#define VAR_DNSTAP_TLS_SERVER_NAME 422
|
||||
#define VAR_DNSTAP_TLS_CERT_BUNDLE 423
|
||||
#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424
|
||||
#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425
|
||||
#define VAR_DNSTAP_SEND_IDENTITY 426
|
||||
#define VAR_DNSTAP_SEND_VERSION 427
|
||||
#define VAR_DNSTAP_BIDIRECTIONAL 428
|
||||
#define VAR_DNSTAP_IDENTITY 429
|
||||
#define VAR_DNSTAP_VERSION 430
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431
|
||||
#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432
|
||||
#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433
|
||||
#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435
|
||||
#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436
|
||||
#define VAR_RESPONSE_IP_TAG 437
|
||||
#define VAR_RESPONSE_IP 438
|
||||
#define VAR_RESPONSE_IP_DATA 439
|
||||
#define VAR_HARDEN_ALGO_DOWNGRADE 440
|
||||
#define VAR_IP_TRANSPARENT 441
|
||||
#define VAR_IP_DSCP 442
|
||||
#define VAR_DISABLE_DNSSEC_LAME_CHECK 443
|
||||
#define VAR_IP_RATELIMIT 444
|
||||
#define VAR_IP_RATELIMIT_SLABS 445
|
||||
#define VAR_IP_RATELIMIT_SIZE 446
|
||||
#define VAR_RATELIMIT 447
|
||||
#define VAR_RATELIMIT_SLABS 448
|
||||
#define VAR_RATELIMIT_SIZE 449
|
||||
#define VAR_RATELIMIT_FOR_DOMAIN 450
|
||||
#define VAR_RATELIMIT_BELOW_DOMAIN 451
|
||||
#define VAR_IP_RATELIMIT_FACTOR 452
|
||||
#define VAR_RATELIMIT_FACTOR 453
|
||||
#define VAR_SEND_CLIENT_SUBNET 454
|
||||
#define VAR_CLIENT_SUBNET_ZONE 455
|
||||
#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456
|
||||
#define VAR_CLIENT_SUBNET_OPCODE 457
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV4 458
|
||||
#define VAR_MAX_CLIENT_SUBNET_IPV6 459
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV4 460
|
||||
#define VAR_MIN_CLIENT_SUBNET_IPV6 461
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV4 462
|
||||
#define VAR_MAX_ECS_TREE_SIZE_IPV6 463
|
||||
#define VAR_CAPS_WHITELIST 464
|
||||
#define VAR_CACHE_MAX_NEGATIVE_TTL 465
|
||||
#define VAR_PERMIT_SMALL_HOLDDOWN 466
|
||||
#define VAR_QNAME_MINIMISATION 467
|
||||
#define VAR_QNAME_MINIMISATION_STRICT 468
|
||||
#define VAR_IP_FREEBIND 469
|
||||
#define VAR_DEFINE_TAG 470
|
||||
#define VAR_LOCAL_ZONE_TAG 471
|
||||
#define VAR_ACCESS_CONTROL_TAG 472
|
||||
#define VAR_LOCAL_ZONE_OVERRIDE 473
|
||||
#define VAR_ACCESS_CONTROL_TAG_ACTION 474
|
||||
#define VAR_ACCESS_CONTROL_TAG_DATA 475
|
||||
#define VAR_VIEW 476
|
||||
#define VAR_ACCESS_CONTROL_VIEW 477
|
||||
#define VAR_VIEW_FIRST 478
|
||||
#define VAR_SERVE_EXPIRED 479
|
||||
#define VAR_SERVE_EXPIRED_TTL 480
|
||||
#define VAR_SERVE_EXPIRED_TTL_RESET 481
|
||||
#define VAR_SERVE_EXPIRED_REPLY_TTL 482
|
||||
#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483
|
||||
#define VAR_FAKE_DSA 484
|
||||
#define VAR_FAKE_SHA1 485
|
||||
#define VAR_LOG_IDENTITY 486
|
||||
#define VAR_HIDE_TRUSTANCHOR 487
|
||||
#define VAR_TRUST_ANCHOR_SIGNALING 488
|
||||
#define VAR_AGGRESSIVE_NSEC 489
|
||||
#define VAR_USE_SYSTEMD 490
|
||||
#define VAR_SHM_ENABLE 491
|
||||
#define VAR_SHM_KEY 492
|
||||
#define VAR_ROOT_KEY_SENTINEL 493
|
||||
#define VAR_DNSCRYPT 494
|
||||
#define VAR_DNSCRYPT_ENABLE 495
|
||||
#define VAR_DNSCRYPT_PORT 496
|
||||
#define VAR_DNSCRYPT_PROVIDER 497
|
||||
#define VAR_DNSCRYPT_SECRET_KEY 498
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT 499
|
||||
#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501
|
||||
#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503
|
||||
#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504
|
||||
#define VAR_IPSECMOD_ENABLED 505
|
||||
#define VAR_IPSECMOD_HOOK 506
|
||||
#define VAR_IPSECMOD_IGNORE_BOGUS 507
|
||||
#define VAR_IPSECMOD_MAX_TTL 508
|
||||
#define VAR_IPSECMOD_WHITELIST 509
|
||||
#define VAR_IPSECMOD_STRICT 510
|
||||
#define VAR_CACHEDB 511
|
||||
#define VAR_CACHEDB_BACKEND 512
|
||||
#define VAR_CACHEDB_SECRETSEED 513
|
||||
#define VAR_CACHEDB_REDISHOST 514
|
||||
#define VAR_CACHEDB_REDISPORT 515
|
||||
#define VAR_CACHEDB_REDISTIMEOUT 516
|
||||
#define VAR_CACHEDB_REDISEXPIRERECORDS 517
|
||||
#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518
|
||||
#define VAR_FOR_UPSTREAM 519
|
||||
#define VAR_AUTH_ZONE 520
|
||||
#define VAR_ZONEFILE 521
|
||||
#define VAR_MASTER 522
|
||||
#define VAR_URL 523
|
||||
#define VAR_FOR_DOWNSTREAM 524
|
||||
#define VAR_FALLBACK_ENABLED 525
|
||||
#define VAR_TLS_ADDITIONAL_PORT 526
|
||||
#define VAR_LOW_RTT 527
|
||||
#define VAR_LOW_RTT_PERMIL 528
|
||||
#define VAR_FAST_SERVER_PERMIL 529
|
||||
#define VAR_FAST_SERVER_NUM 530
|
||||
#define VAR_ALLOW_NOTIFY 531
|
||||
#define VAR_TLS_WIN_CERT 532
|
||||
#define VAR_TCP_CONNECTION_LIMIT 533
|
||||
#define VAR_FORWARD_NO_CACHE 534
|
||||
#define VAR_STUB_NO_CACHE 535
|
||||
#define VAR_LOG_SERVFAIL 536
|
||||
#define VAR_DENY_ANY 537
|
||||
#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538
|
||||
#define VAR_LOG_TAG_QUERYREPLY 539
|
||||
#define VAR_STREAM_WAIT_SIZE 540
|
||||
#define VAR_TLS_CIPHERS 541
|
||||
#define VAR_TLS_CIPHERSUITES 542
|
||||
#define VAR_TLS_USE_SNI 543
|
||||
#define VAR_IPSET 544
|
||||
#define VAR_IPSET_NAME_V4 545
|
||||
#define VAR_IPSET_NAME_V6 546
|
||||
#define VAR_TLS_SESSION_TICKET_KEYS 547
|
||||
#define VAR_RPZ 548
|
||||
#define VAR_TAGS 549
|
||||
#define VAR_RPZ_ACTION_OVERRIDE 550
|
||||
#define VAR_RPZ_CNAME_OVERRIDE 551
|
||||
#define VAR_RPZ_LOG 552
|
||||
#define VAR_RPZ_LOG_NAME 553
|
||||
#define VAR_DYNLIB 554
|
||||
#define VAR_DYNLIB_FILE 555
|
||||
#define VAR_EDNS_CLIENT_TAG 556
|
||||
#define VAR_EDNS_CLIENT_TAG_OPCODE 557
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
@ -659,7 +661,7 @@ union YYSTYPE
|
||||
|
||||
char* str;
|
||||
|
||||
#line 663 "util/configparser.h"
|
||||
#line 665 "util/configparser.h"
|
||||
|
||||
};
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
|
@ -116,7 +116,7 @@ extern struct config_parser_state* cfg_parser;
|
||||
%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE
|
||||
%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM
|
||||
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
|
||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT
|
||||
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||
%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING
|
||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA
|
||||
@ -251,7 +251,7 @@ content_server: server_num_threads | server_verbosity | server_port |
|
||||
server_http_query_buffer_size | server_http_response_buffer_size |
|
||||
server_http_nodelay | server_http_notls_downstream |
|
||||
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
||||
server_so_reuseport | server_delay_close |
|
||||
server_so_reuseport | server_delay_close | server_udp_connect |
|
||||
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||
server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa |
|
||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||
@ -1443,6 +1443,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_udp_connect: VAR_UDP_CONNECT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_udp_connect:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0);
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
|
||||
{
|
||||
OUTYY(("P(server_unblock_lan_zones:%s)\n", $2));
|
||||
|
Loading…
Reference in New Issue
Block a user